System and Method for Video Recording, Management and Access

ABSTRACT

A server-based hosted application used to transmit and manage multiple media across the Internet. Digital video recorders (DVRs) collect media (such as video with or without audio) and record it to a local disk. DVRs are located in sites or stores where they are attached to cameras, microphones and point-of-sale (POS), or other data collection devices. The DVR accesses the Internet through a typical “residential” broadband connection. A hybrid peer-to-peer network allows peers (a DVR and an Internet browser) to directly transmit and receive video and audio (and other information, such as POS data). A hosted infrastructure tracks the presence of DVRs. A server-based application exposes a presence database to users. Users find DVRs via an Internet interface. Viewers can then connect to the DVR and its corresponding media collection devices (such as cameras, microphones and POS devices) and control collection and use of media information directly.

CROSS REFERENCE TO RELATED APPLICATION

This application is based upon, and claims priority to U.S. patentapplication Ser. No. 13/606,304, entitled System and Method for VideoRecording, Management and Access, filed Sep. 7, 2012, U.S. patentapplication Ser. No. 12/028,822, entitled System and Method for VideoRecording, Management and Access, filed Feb. 10, 2008, and U.S.Provisional Patent Application No. 60/890,229, entitled System andMethod for Video Recording, Management and Access, filed Feb. 16, 2007.The entirety of such applications, including all exhibits and appendicesare incorporated herein by reference.

FIELD OF THE INVENTION

This invention relates to a system and method for integrated video anddata recording, management and access. In particular, it relates to anetwork architecture that enables a user to easily access video andaudio media which is stored across a large number of geographicallydistributed storage systems via an Internet Protocol (IP) networkconnection.

BACKGROUND OF THE INVENTION

Video and data surveillance systems are commonly used by individuals,businesses, and governments to remotely monitor activity. Increasingly,the Internet is being used as a method of accessing, monitoring andcontrolling remote surveillance systems. For businesses, video and datasurveillance systems are frequently used to monitor one or more businessprocesses and data sources.

Data sources include access controls, RFID tag readers, fire alarmsystems, contact switches, motion detectors, environmental monitors,points of sale (POS) where transactions take place and other businessinformation systems. Surveillance systems are capable of collecting datafrom data sources for purposes of monitoring business processes, qualityassurance, safety, security, and fraud prevention. At POS locations,surveillance systems are capable of collecting transaction-relatedinformation. For example, if a cash register location is of interest,the surveillance system could capture a video image (plus audio, ifdesired) of the location as well as cash register data corresponding tothe date, time, persons and events that are being recordedvideo-graphically. Other places of interest, including delivery docks,dressing rooms, doorways, money handling areas, mechanical rooms, datacenters, construction sites, customer service areas and many more, arealso monitored by such surveillance systems.

As the number of surveillance locations increase within a singlebusiness site, and as the number of separate locations increase for aparticular business (for example, when the business owns multiplestores), the need to manage the collection and effective use ofsurveillance information increases correspondingly. In particular thecomplexity and manual steps required to use the system, ensure it isoperating correctly, perform maintenance and upgrade the surveillancesystem grows with the number of remote locations.

Internet-based video, audio and data collection systems available todayhave many limitations. As depicted in FIG. 1, network compatibilityissues arise because such systems often require each location to have astatic Internet Protocol (IP) address rather than a dynamic one, therebyresulting in substantial Internet Support Provider (ISP) expenses.Additionally, such systems require the computer network in which thevideo, audio and data collection system is installed to be configured toaccommodate the specific digital video recorder (DVR) that isimplemented in the system. This configuration step is a costly manualprocedure that requires a skilled worker.

Today's IP network video surveillance systems claim to eliminate theneed for a video recorder at the remote site. This is often cited as asuperior solution to installing a video recorder. However this solutionrequires large amounts of bandwidth, both at the remote location ifmultiple cameras are used and at a data center where the video isaggregated. The amount of bandwidth at the remote location normallyexceeds the capacity of standard broadband Internet connections. Toaccommodate the bandwidth requirements, expensive leased line circuitsmust be purchased. The cost for this bandwidth is often higher that abusiness is prepared to pay when there are many remote locationsinvolved. The only way to deal with this limitation is to install avideo storage device at each of the businesses remote locations, thusremoving the benefit of IP cameras without a video recorder at theremote site.

Often such systems offer limited POS support because, for example, onlya printer emulation mode is used, which delivers a limited portion ofthe entire data set that has been collected. Another limitation of suchsystems is that the data is poorly integrated with video. For example,many systems allow only video (excluding other data) information to beexported from the system. Other systems overlay data graphically overthe video, losing the ability to search and report on the datacollected. Once exported, access to the Video and possibly the data areno longer controlled by the surveillance system.

From the system perspective, current state-of-the-art video, audio anddata collection systems are limited because they comprise local systemsthat store surveillance information locally, they operate with staticsoftware. This solution is referred to as a standalone DVR. Thestandalone DVR normally requires a thick client solution—an approachthat requires the installation of software on each user's computer inorder to access video, audio and data collected at each standalone DVR.The thick client system with standalone video recorders contains noshared component between the many DVR's or the thick clients. This makesaggregating and sharing video, audio and data information very difficultand time consuming for users. In addition, such a video, audio and datacollection system requires a labor intensive process of viewing data onelocation at a time. Moreover, standalone DVR's and current thick clientsystems are expensive to place in the field because such systems requiremanagement of configuration, security and maintenance of the thickclient software installed on each user's computer and at each DVR. Thismanagement is labor intensive because it must be performed on each usersystem and each standalone DVR, one at a time. The number of users canbe substantial. In many businesses there is a desire for many employeesto use the system, often exceeding the number of locations in thebusiness. These limitations increase the complexity and cost of managingthe security, software, hardware and installation of the system to thepoint that in the best case, only a limited number of users are givenaccess to the system. In the worst case, the overall cost outweighs thebenefits and the system is not installed.

In light of these limitations, there is a need for a thin client networkarchitecture for a video, audio and data collection, monitoring andaccess system that links its users to remotely collected video, audioand data information and that provides the user comprehensive access to,and control over, the surveillance capabilities installed in remotefield locations. A “thin client” is a client computer or client softwarein a client-server architecture network that depends primarily on thecentral server for processing activities, and mainly focuses onconveying input and output between the user and the remote server. Manythin client devices run only Internet browsers or remote desktopsoftware, meaning that all significant processing occurs on the server.Accordingly, a system and method for integrated video, audio and datarecording, access, management and control is disclosed.

SUMMARY OF THE INVENTION

Exemplary embodiments of the present invention that are shown in thedrawings are summarized below. These and other embodiments are morefully described in the Detailed Description section. It is to beunderstood, however, that there is no intention to limit the inventionto the forms described in this Summary of the Invention or in theDetailed Description. One skilled in the art will recognize that thereare numerous modifications, equivalents and alternative constructionsthat fall within the spirit and scope of the invention as expressed inthe claims. It is not the intention to limit the claims, or any of theterms therein, to any specific embodiments disclosed in thespecification, unless specifically indicated as such.

In accordance with the present invention, the above-describedlimitations of surveillance systems have been reduced or eliminated. Inone embodiment of the present invention, a system is a thin client,hosted application used to transmit and manage multiple media across theInternet. Digital video recorders (DVRs) collect media (such as videowith or without audio) and record it to a local disk. These DVRs arelocated in sites or stores where they are attached to cameras,microphones and data sources. The DVR must also have Internet access,through any type of Internet Protocol (IP) connection, typically abroadband Internet connection. A hybrid peer-to-peer network allowspeers (a DVR and an Internet browser) to directly transmit and receivevideo and audio (and other information, such as POS data). A hostedinfrastructure assists in transmitting video between the DVR andInternet browser when necessary. The hosted infrastructure tracks thepresence of DVRs in a presence data base. A server-based applicationexposes the presence data base to users. Users find DVRs via an Internetbrowser interface. Viewers can then connect to the DVR and itscorresponding media collection devices (such as cameras, microphones andPOS devices) and control collection and use of media informationdirectly.

This network-based system allows a very large number of DVRs and viewerswith a minimum of hosted infrastructure. Minimizing the hostedinfrastructure is desired for reduced data center cost and helps preventthe data center from becoming a bottleneck for growth of the overallsystem. The hosted infrastructure supplies an Internet portal to thecustomer's data and media resources. The portal helps the customer tofind interesting data and media which may be located on DVRs distributedacross several of the customer's sites. The system service networkenables viewers and DVRs to find each other. It also serves as arendezvous point as necessary for communication to occur over securenetworks. The service network can also host advanced services that gobeyond the capabilities of individual media servers and viewers.Advanced services could include, for example, reporting, alerting, videoanalytics, media sharing and media archiving.

The above-described embodiments and implementations are for illustrationpurposes only. Numerous other embodiments, implementations, and detailsof the invention are easily recognized by those of skill in the art fromthe following descriptions and claims.

BRIEF DESCRIPTION OF THE DRAWINGS

Various objects and advantages and a more complete understanding of thepresent invention are apparent and more readily appreciated by referenceto the following Detailed Description and to the appended claims whentaken in conjunction with the accompanying Drawings wherein:

FIG. 1 is a block diagram depicting a current and typical state-of-theart video and data recording, monitoring and access system;

FIG. 2 is a block diagram depicting an exemplary embodiment of a videoand data recording, monitoring and access system constructed inaccordance with an aspect of the present invention;

FIG. 3 is a block diagram depicting a high level architecturalrepresentation of an exemplary embodiment of a video and data recording,monitoring and access system constructed in accordance with an aspect ofthe present invention;

FIG. 4 is a block diagram depicting a physical allocation of anexemplary embodiment of a video and data recording, monitoring andaccess system constructed in accordance with an aspect of the presentinvention;

FIG. 5 is a block diagram depicting both physical and functionalallocations of another exemplary embodiment of a video and datarecording, monitoring and access system constructed in accordance withan aspect of the present invention;

FIG. 6 is a block diagram depicting a method for incorporating video(and other data) collected by a data recording, monitoring and accesssystem into other applications constructed in accordance with an aspectof the present invention;

FIG. 7 is an illustration of a graphical user interface in an exemplaryembodiment of a data recording, monitoring and access system constructedin accordance with an aspect of the present invention;

FIG. 8 is a block diagram depicting both physical and functional lay outof a graphical user interface of an exemplary embodiment of a video anddata recording, monitoring and access system constructed in accordancewith an aspect of the present invention; and

FIG. 9 is a block diagram depicting a site map of another exemplaryembodiment of a video and data recording, monitoring and access systemconstructed in accordance with an aspect of the present invention.

DETAILED DESCRIPTION

Referring now to the drawings and referring in particular to FIG. 2,shown is a block diagram depicting an embodiment of the networkarchitecture 200.

FIG. 2 illustrates the system architecture 200 of one embodiment of avideo, audio and data recording, management and access system. Itillustrates several advantages of the present invention over the currentstate-of-the art surveillance systems for a system user that monitorsmultiple locations, for example a number of stores in differentlocations. A system environment 202 is depicted. In FIG. 2, threeseparate stores (store 1, store 2, and store 3) are depicted forillustrative purposes; however, one skilled in the art will recognizethat the system disclosed herein can be scaled to accommodate virtuallyany number of separate locations. As illustrated in FIG. 2, a set ofstore surveillance equipment (also referred to herein as “customerpremises equipment,” or “CPE”) comprises at least one data source,depicted in this example as a point-of-sale device 204, one or morevideo cameras 206, a digital video recorder (DVR) 208, a broadbandInternet access and firewall device (such as a broadband modem orrouter) 210, and access to the Internet 212 (such as via DSL, cable,satellite, wireless, or any other known or foreseeable method to accessthe Internet). Also within the system environment 202 is a data center214 which serves as the central access and control center for systemusers. Included in the data center 214 is a media (video and audio)storage device 216 which has the capability to store data (point of saleand other) and media (video, audio and other) information collected fromthe CPE at the remote locations (for example, at stores 1, 2 and 3).

As depicted in FIG. 2, the user 218 of the video, audio and datarecording system disclosed herein gains access to the system environmentvia an Internet portal to the data center 214. A standard computer 220having Internet access 222 provides such access to the systemenvironment 202, as does any other device that can access the Internet.For example, a cell phone, personal digital assistant (PDA) or othermobile device 224 can be used to access the system environment 202 viathe Internet. Third party applications, hosted on an enterprise system226, including, for example, video (and audio) analysis capabilities,are also accessible to the user 218 through the system environment 202.

The system architecture 200 solves several problems. First, it suppliesa service that allows users 218 to find and connect to plug-and-playdigital video recorders (DVRs) 208 and other CPE installed across theInternet usually behind a network address translating (NAT) device andfirewall 210. Second, it provides detailed control of the CPE, includingDVRs 208, and the DVRs' attached media capture devices, primarilycameras 206 (but also including, for example, POS devices 204) over thenetwork.

The system provides scalable search features, connectivity and controlof highly distributed live and archived audio/video. The system makes itpossible to easily access large quantities of unique content on highlydistributed media servers, including: tens of thousands of mediaservers; hundreds of petabytes of media stored on distributed mediaservers; tens of millions of transaction records originated fromdistributed data collection servers (the tens of thousands of mediaservers); and thousands of simultaneous viewers. The system has theability to keep track (anonymous or not) of media/viewer usage. Itpreferably features automatic, zero-configuration installation for mediaservers and viewers, and a low-cost, lightweight, low maintenanceinfrastructure.

The system environment 202 comprises consumer-grade broadband Internetaccess; media servers and viewers behind unknown, off-the-shelf retailor consumer-grade network address translating (NAT) and firewall;multi-vendor media servers and vendor extensible control functions; andlive or real-time video and stored video.

FIG. 3 depicts, at a high level, the architecture 300 of an exemplaryembodiment of a video, audio and data recording, monitoring and accesssystem. A system user 302 accesses a server-based application 304 via asecured Internet connection 306. The server-based application 304 linksthe user to video, audio and data stored on media servers 310. The mediaservers 310 are numerous and distributed, so they register themselves toa presence data base 308 so the server-based application 304 can easilylocate them. The presence technology allows Media servers 310 to belocated anywhere on the Internet, even behind broadband connections withnetwork address translation (NAT).

NAT is a technique of transmitting and receiving network traffic througha router that involves re-writing the source and/or destination IPaddresses (and usually also the TCP/UDP port numbers of IP packets asthey pass through). Most systems using NAT do so in order to enablemultiple hosts on a private network to access the Internet using asingle public Internet protocol (IP) address. Normally NAT systems onlyallow connections to be made from the private network 410 to the publicInternet, but not vice-versa.

The disclosed system enables peer-to-peer streaming of live and archivedaudio-plus-video between media servers and viewers. A distributed set ofdirectory services allow peers to publish their presence in the presencedata base 308 and search for and locate each other in the Internet.Secure control channels 312 and 314 allow interactive control of a mediaserver and its attached devices over the system network directly betweena user 302 and the media server 310. A standard set of controls aredefined as well as a method to transport arbitrary control data. Thetypes of controls performed include: live camera controls (for example,pan, zoom, and tilt); media start, media stop, media offset (time, byte,etc.); a search language to locate and search for media servers andmedia stored on those servers; and the ability to encapsulate arbitrarycontrol messages for the purpose of extension and backwardscompatibility support for multiple vendors and legacy media servers,which may not even be IP-based.

The system is preferably a server-based, hosted application used totransmit and manage multiple media across the Internet, although it iscontemplated that any other type of distributed data system may be usedto implement the system. Digital video recorders (DVRs) collect media(such as video or audio) and record it to a local disk. These DVRs arelocated in sites or stores where they are attached to cameras,microphones and point-of-sale (POS) devices. The DVR must also haveInternet access, through a typical broadband or other connection. Ahybrid peer-to-peer network allows peers (a DVR and an Internet browser)to directly transmit and receive video and audio. A hostedinfrastructure tracks the presence of DVRs. A server-based applicationexposes the presence database to users. Users find DVRs via an Internetinterface. Viewers can then connect to the DVR and control mediadirectly.

Referring now to FIG. 4, depicted is a block diagram representing aphysical allocation 400 of an exemplary embodiment of the disclosedvideo, audio and data recording, monitoring and access system. The enduser network 402 includes an NAT/firewall device 404. Access from theuser network 402 to the data center 406 is gained via the Internet 408.The customer network 410 also includes a NAT/firewall device 412. Withinthe data center 406 is a hub 414 that serves to house server-basedapplications and facilitate user access to media stored both locally atthe data center 406 and remotely at the customer network 410. Internetconnection 416 provides the user access to server-based applications.Registration and management connection 418 provides access between thedata center 406 and the customer network 410. Video control connection420 provides direct access between the user browser 422 and the DVR 424within the customer network 410. The system architecture depicted inFIG. 4 is simplified, showing only one user network 402 and one customernetwork 410, for illustrated purposes; however, one skilled in the artwill recognize that the system disclosed herein can be scaled toaccommodate any number of separate end user networks and customernetworks.

Referring now to FIG. 5, the overall system architecture 500 is dividedinto three functional areas: the browser 501, located within the enduser network 502; the customer premises equipment (CPE) appliance 509,located within the customer network 510; and the core 505, locatedwithin the data center 506. Each is described below.

The browser 501 comprises two components: the server-based application(or graphical user interface, “GUI”) 520, and the media player (orstream and control application) 522. The media player 522 managescontrol of media streams as well as presentation of the media to theuser.

The CPE appliance 509 comprises five components: First, the mediastreaming server 540. This server component is responsible forresponding to media streaming requests and media control. Second, theevent publisher 542, which is responsible for reliably transferring dataevents from the CPE appliance 509 to the core 505 or data center. Third,the presence management client 544, which is responsible forcommunicating the identification and address information about the CPEappliance to the core 505, as well as maintaining this information overtime. Fourth, the media search facility 546, which is responsible forsearching through video that is stored on the CPE appliance 509. Thiscomponent returns a URL that can be passed by a media player 522 to thestream server 540. And fifth, the communication management (VPN) 548facility. In one embodiment, a VPN tunnel 550 is used to guaranteetwo-way NAT/firewall traversal. In an alternative embodiment, the VPNtunnel is replaced or augmented with an alternative protocol for NATtraversal.

In one embodiment of the system, a VPN tunnel is utilized to perform NATtraversal. The following process is used to deal with network issuescreated by NAT. The media server 510 opens a VPN connection 550 to theVPN Server 536, which creates a two-way communication path between thecore 505 and the media server 510. Because the media server 510 opensthe connection from inside the customer network 510, no special NATconfiguration on the customer firewall 412 is required. The media servercommunicates its customer network 510 IP address and it's VPN Client 548IP address to the presence system. This creates two IP communicationspaths to the media server 510 which can be used by the core 505 and theStream and Control Interface 522. The VPN path guarantees that all thecomponents in the core 505 and the browser 501 always have at least oneavailable IP network path for direct control over remote cameras anddirect access to, and control over, media information (for example,stored video) stored on the media servers 310. The customer network 510can also be used as a communication path when the Stream and ControlInterface 522 determines it has access. The Stream and Control Interface522 in the user's browser 501 determines the best path by attempting tocommunicate to the native IP address of the media server 510 and the VPNassigned address of the media server 510. The Stream and ControlInterface 522 can use a variety of algorithms to choose which path ispreferred. In one embodiment, Stream and Control Interface 522 can use apriority assigned at the presence server 532 or in the Presence client544. In another embodiment the Stream and Control Interface 522 mayselect a communications path by sending requests to multiple IPAddresses and selecting the IP address responds first.

In another embodiment the VPN tunnel may be augmented or replaced by aalternative NAT traversal protocol. Several Internet proposed standardprotocols exist for this including STUN, TURN and ICE. In addition,methods for hole punching protocols are documented on the Internet.

The core 505 comprises four basic components: First, the Internetportal/application server 530, which is responsible for serving the webcontent and implementing the overall application logic. Second, thepresence server or system 532, which is responsible for responding topresence registration. Third, the event server (also referred to hereinas the event server) 534, which is responsible for storing andvalidating the sequence of transactions received from the CPE appliance509. And fourth, the virtual private network (VPN) server 536, which isresponsible for the server side processing of the VPN tunnel 550.

In one embodiment, the system network employs several protocols. Mediaserver 540 to data center 506 communication is facilitated by using avirtual private network (VPN) 550. Media server presence management ismanaged via session initiation protocol (SIP) and the REGISTER method.SIP also has many other capabilities that may be used to extendfunctionality of the system. SIP is an application-layer control(signaling) protocol for creating, modifying, and terminating sessionswith one or more participants. It can be used to create two-party,multiparty, or multicast sessions that include Internet telephone calls,multimedia distribution, and multimedia conferences. SIP is designed tobe independent of the underlying transport layer. SIP has the followingcharacteristics: It is transport-independent, because SIP can be usedwith UDP, TCP, ATM & so on. It is text-based, allowing humans to readSIP messages. SIP makes use of elements called proxy servers to helproute requests to the desired current location, authenticate andauthorize users for services, implement provider call-routing policies,and provide features to users. SIP also provides a registration functionthat allows users to upload their current locations for use by proxyservers. Since registrations play an important role in SIP, a User AgentServer that handles a REGISTER is given the special name “registrar.” Itis an important concept that the distinction between types of SIPservers is logical, not physical.

In one embodiment of the system, media setup and control is accomplishedvia real time streaming protocol (RTSP). Media search 546 isaccomplished via an extensible markup language (XML) messageencapsulated within hypertext transfer protocol (HTTP). Media accesssecurity is managed by use of a custom protocol. And event transmissionis accomplished by use of an advanced system log(syslognext-generation). Domain name system (DNS) will used by externalsystems, such as 3^(rd) party applications, which may not have directaccess to the presence system, to locate media server nodes. Forexample, Internet browsers and third-party software can use DNS to getthe current IP Addresses of media servers. This enables manyapplications on the Internet to communicate with media servers using theInternet standard DNS and without having to integrate to the system. Inone embodiment, the presence server is integrated with DNS servers usinga lightweight direct access protocol (LDAP) server. One of skill in theart would understand that any of the above preferences could besubstituted with a structure or process that performs a similar functionas those described above.

Following is a more detailed description of the presence system 534. Thepresence system 532 supplies a method for hosts to publish theirexistence on a network. In one embodiment of the system, a host in thepresence system is a DVR 510. Other embodiments may add the Stream andControl Interface 502 as a host in the presence system. The presencesystem 532 uniquely identifies each host and collects networkconnectivity information associated with each host. Connectivityinformation includes at least one of a plurality of IP addresses thehost currently had bound to it. This information is stored in a database for other applications to access. The presence system 532 willupdate the data base as necessary to maintain an up-to-date list of allconnected hosts. In addition, the system keeps a history of hosts whichhave connected in the past.

To be “present” on the network, the main functions the nodes perform arediscovery, registration and capability reporting.

The presence server 530 comprises at a minimum, the data indicatingwhich nodes have joined the network and those nodes' contact addresses.The presence server 530 comprises a central master data store andseveral read-only replicants. Reliability and scale is achieved usingsimple one-way replication of data from the master server to subordinateservers. All updates for contact information are sent to the masterdatabase server. All queries for contact information are directed to theread-only copies of the database. An advantage of this design is thatthere will be large numbers of very simple queries by many systems whichneed to know the current contact addresses for nodes in the presencesystem. In one embodiment of the system, an SQL database may be used forthe presence database. In another embodiment, an LDAP database may beused as a front-end to the presence database. In yet other embodiment,the DNS may be used as a front-end of the presence database as describedabove.

DVR appliances discover and connect to presence servers 532 located onthe public Internet. A server-based application 520 will use thepresence database to create web pages which contain reports and links toDVRs using the contact information from the presence database. Users canaccess currently connected DVRs by using the links provided by theserver-based application.

The presence system 532 meets the scale, reliability and performancerequirements defined in a deployment architecture. The hostedinfrastructure supplies an Internet portal to the customer's data andmedia resources. The portal helps the customer to find interesting dataand media which are likely located on DVRs distributed across thecustomer's sites.

In one embodiment, the presence server 532 runs an SIP User Agent Server(UAS). This server implements the SIP REGISTER method and maintains adatabase of information derived from the SIP registration process. Inaddition, enhancements are made to the SIP register to carry additionalIP network contact information.

The presence server 532 comprises data indicating which nodes (DVR's)have joined the network and those node's contact addresses.

Following is a more detailed description of the event server or system534. The purpose of the event server 534 is the centralized collectionof events from a CPE appliance 509 and/or external CPE systems 612connected to a CPE appliance 509. In one embodiment, the CPE applianceis a DVR. In most cases, event data can be correlated to media data viatimestamp information. Timestamps are applied by Event Publisher 542 asthe data is received. In addition, timestamps embedded in the event datamay be used. These timestamps allow the event data to provide anadditional index capability to the media (e.g., find all video relatedto void transactions between 1:00-3:00 PM today). The event data isavailable to the server-based application server 520 via the App Server530 and Event Server 534.

The event system 534 provides for the transmission of discrete eventmessages in either direction from the CPE appliance 509 to theserver-based application 520. The CPE Appliance 509 contains an eventpublisher 542. The event publisher 542 obtains or receives data from anexternal data source such as a POS 612. The event publisher 542 mayperform processing of the event data. Next the event publisher 542 sendsthis data to the Event Server 534. The Event Server 534 may also performprocessing of the data, and then stores the event data in a database538. In one embodiment, the event service 534 and event publisher 542are implemented as an event bus, enabling all the components in thesystem to observe events as they occur. For example, an event from adata source may be used to trigger media recording. The structure of theevent data is extensible and generally follows an attribute/value pairscheme.

The event system 534 supports real time publishing and storage (in thecore service layer 505) of a large volume of messages. In oneembodiment, thousands of messages per second may be received, processedand stored. In other embodiments, messages may be periodically stored inbulk to improve performance. Because timestamp information is applied bythe Event Publisher 542 the Event Server 534 is not required to loaddata in real time in order to preserve the important time stampinformation. It is acceptable (or even desired) to partition event dataacross multiple servers, therefore allowing for a static load balancingapproach which greatly increases capacity and performance for searchingevent data.

The most critical aspect of the event system 534 utility is its searchinterface performance with respect to the expected data volume (evenwith partitioning data across servers). The primary user of the searchinterface is the server-based application 520 which communicates withthe Application Server 530. Because the Application server and eventdata are located in the core 505, searching data across multiple datasources is straightforward. Using search criteria from the actual eventdata and achieving acceptable response time is an importantconsideration. In one embodiment, the search component allows dynamicrouting of search requests to a data store based on context information.The context may be based on the CPE appliance the event data wascollected from. In another embodiment, the data may be partitioned bythe identity of the customer.

Following is a more detailed description of the media server 540. Mediaservers (at the Appliance) acquire and generate media (video and audiodata). This media may be stored in a device containing a media server540, such as the Appliance 509, or in other storage devices. When mediais stored in a device containing a media server, 540 and Presence Client544, the data can be accessed by the overall system 500. Media servers540 normally reside within an Appliance 509. The Appliance 509 may belocated anywhere in a communications network. For example, the Appliance509 may be connected directly to the Internet 560, a customer network510 or to the Data Center 506 network. Media may be copied or moved froman Appliance 509 to a storage system without the Media Server 540 orPresence Client 544 where the media is considered to be offline andinaccessible to the system. Later, the media can be made accessibleagain by copying or moving the data to a device containing a MediaServer 540 and a Presence Client 544, such as an Appliance 509.

In one embodiment, a typical Appliance 509 containing a media server 540and Event Publisher 542 at a customer premise experiences the followingvolume: 3,000 events per day (at the low end), 11,000 events per day (atthe high end); peak 5-minute event volume of 100 records; peak 1-hourevent volume of 1200 records and approximately 1 Megabyte of video perminute, per video camera 606. A typical Appliance 509 will have 4-16video cameras 606 attached. The foregoing assumes busy hours at 7-9 am,11-2 pm, and 6-9 pm local time (with the majority of data arriving atthe data centers during these times). Other events times of interestinclude customer facility opening, closing, shift changes. In thisembodiment, the Event Server 534 and database 538 is sized to handle20,000 event publishers; 60-220 million events per day. The amount ofvideo stored however has no impact on any components within the Core 505of the Data Center. This is a significant scalability advantage oversystems which support only centralized storage of video. However,storage of video can be performed at the data center if desired. In oneembodiment, Video can be streamed from an Appliance 509 at the customernetwork back to the data center where it is stored in another, likelymuch larger Appliance. In another scenario, video data may be streamedby cameras directly to a Media Server 540 residing on an Appliance 509in the data center. One skilled in the art will recognize that customerpremises experiences will vary widely depending on the specificapplications and environments for which the system will be used.

The video, audio and data recording, management and access systemdisclosed herein is capable of capturing motion video and selectivelyrecording or storing only the video which contains motion. The amount ofstorage space used by motion video capture is based on an assumption ofhow much time per day there is motion, on average, across all camerasfor a given Appliance 509.

In one embodiment, “interesting media” is stored both on the Applianceat the customer location and at the data center. The quantity ofinteresting media is based on an assumption of sixty minutes of mediaper camera per day. Interesting media is defined by business rules. Anexample business rule is when motion occurs on the camera facing theback door between midnight and 6 am in the local time zone of thecustomer premise. Interesting media can automatically copied from theAppliance at the customer location to another Appliance 509 located atthe Data Center 506. This approach yields the advantage of continuousrecording of media at the customer premise, but also the advantage ofstoring the most important media at the data center where it can bepreserved outside of the customer network. One skilled in the art willrecognize that such assumptions will vary widely depending on thespecific applications and environments for which the system will beused.

Due to the large volume of storage space consumed by media (audio andespecially video), a preferred embodiment is to store all media at theAppliance 509 and only “interesting media” at media servers in the datacenter. In one embodiment where 20,000 Appliances are deployed, such animplementation saves over 1.7 petabytes of data transfer from theCustomer locations to the Data center and storage of that data at theData Center.

In the embodiment where 20,000 appliances are deployed, the interestingmedia amounts to approximately 250 TB of data transfer and storage permonth. At this time, this is not an overwhelming or exceedingly costlyamount of data to transfer and store. So transferring and storing the“interesting” media at central data centers is a viable option even atthe very large scale of 20,000 appliances. The processing of businessrules for “interesting media” for transfer to the central data centercan be performed by the Media Server 540 on the Appliance 509 or by theEvent Server 534 in the Data Center 506.

In addition, the increased speed of access, availability and reliabilityfor the “most interesting” video provides significant value for theuser. In one embodiment advanced video processing capabilities may beable to be performed on the “interesting video” that may requiresignificant computing power that is not available on a small, remotemedia server appliance.

Creation of business rules is be performed using the Application Server530. Individual customers may create their own rules and may also usecollaborative input from an interactive sharing environment hosted bythe Application Server 530. The information and business rules which arediscussed and created on the Application server 530 may then be sharedbetween different customers and across various users in order to educateand inform others of information relevant across a wide range ofindustries. For example, users may use the system to share informationconcerning new styles or methods of shoplifting so that other users ofthe system can be proactive to stop such occurrences from happening.

The location and length of time to store data is determined by businessrules and equipment capacity. Data may be stored from zero days toseveral years. However, the most common storage time is expected to be30 days. Storage procedures of event data and video data may varydepending on rules encompassing the event, location and user definedbusiness rules. After the storage time has expired, data may then bedeleted or moved to offline storage where it is considered an archive.The archived data may be copied to a device with a Media Server 540 andPresence Client 544 restoring system 500 access to the data.

Regarding point of sale (POS) systems, it is feasible and cost effectiveto store all event records for all customers on both the Appliance 509and at the data center 506. This is valuable for users to performsearches of this important event (or meta) data.

In one embodiment of the video, audio and data recording, management andaccess system, the Appliance 509 may operate over as many as threecustomer networks simultaneously. The presence client 544 and presenceserver 532 are capable of discovering these networks. The networks arethe local customer network 510, Internet 560 and VPN 550 connections ofthe Appliance.

The Event Publisher 542 and Event Server 534 enable reliable transportof messages from an Appliance 509 to the core 505. These componentsinclude error checking to prevent lost, dropped or altered messages. Inone embodiment the Appliance 509 is able to cache at least 48 hours(57,600 records) of event messages to mitigate network connectivity (tocore servers) outages.

The following items list any assumptions and dependencies to othercomponents of the system architecture:

Security—The Appliance 509 establishes a VPN tunnel 550 to the coreservices network 505, and this provides sufficient confidentiality. Froman authorization perspective, it is desired to validate the authenticityof the client by simply comparing the appliance id and IP address (whichis contained in any message from the event client 534) with the id/IPaddress pair that is registered with the presence server 532. Inaddition, a security system is used by the VPN Server to authenticatethe Appliance and for the Appliance to authenticate the VPN Server. Thisis to prevent unauthorized systems from connecting to the data centerand to prevent Appliances from connecting to a false data center. In oneembodiment, an SSL certificate based system using certificates for boththe clients and the VPN servers is used for this authentication.

Data Expiration—The time period which defines how long event data andthe related media data is stored is handled independently and can besubject to different algorithms.

External Interfaces—None of the interfaces of the event system 534 areto be used by non-trusted agents (only the services within the Core 505and Appliance 509 are trusted). External systems may interface throughthe Application Server 530 or by new components added to the Core whichimplement safeguards appropriate to the information being communicatedto the External system.

The web browser 501 contains a web application interface (or GraphicalUser Interface—GUI) 520 and comprises the following major components offunctionality, as illustrated in FIG. 9: a home page 904, configurationsites (appliances and media sources) 910, live viewing 914, searching916, and detailed configuration settings 918.

The following functionalities are provided by a system constructed inaccordance with one or more aspects of the present invention. The use ofany of the following terms in the claims is not meant to restrict suchclaim term to the specific descriptions included below, but to refer tothe functionality in general:

Relay Point—hardware I/O device cable of sensing ON/OFF (input) orsetting ON/OFF (output).

Media Player—the software residing within a user's web browser capableof rendering a specific media type on screen or via local speakers sothat the user can sense the media presented. The Media Player is alsoreferred to as the stream and control application 522.

Media Server—the server providing playback services for one or moremedia streams. Different media streams may originate from differentmedia servers. A media server may reside on the same or a different hostas the web server the media is invoked from. This is also referred to asthe Stream and Control Server 540.

Media Stream—the sequence of packets that convey a specific media typeover a network connection, e.g., an audio stream or a video stream.

Media—a generic reference to an instance of a specific type of media.Examples are media include audio data and video data.

Configuration Server—a software application residing in the network thathosts server configuration files and software updates to appliances.

Server-Based Application—the collection of software components andservers that together provide the application, management, and deliveryof video and audio media to the user.

Appliance or DVR—a device that contains a disk or other data storagedevice, connects to media inputs (e.g., cameras and microphones) andrecords media. The Appliance is often located on a customer network butmay also be on other communications networks including the Data Centerand the Internet.

User—person who uses the server-based application.

Referring now to FIG. 6, the following sections describe the end-userexperience of the System.

Installation. A typical installation comprises between 4 and 16 cameras606, although the system can be adapted to support any number ofcameras. These cameras 606 are installed with a system-compatible DVR orAppliance 608. The biggest difference in the customer premiseinstallation is the DVR 608 itself. The Appliance 608 replaces atraditional DVR. The Appliance is a self-contained, “black box” device.The DVR 608 comprises a network interface to attach to the customernetwork. The DVR 608 includes a serial interface for connection to adata source, such as a point of sale system 614, either directly or, byway of a local server 616 (as illustrated in FIG. 6). The DVR 608comprises a VGA monitor port that may optionally be used to connect toan external monitor.

The network interface on the DVR serves multiple purposes. It is usedfor communication with the Data Center which is required to utilize allthe DVR's capabilities. The network interface on the DVR may also beused to communicate with data sources such as a point of sale system. Inaddition, the network interface may be used to communicate with cameras.The DVR may also include BNC (bayonet Neill-Concelman) connectors on therear panel that connect to cameras using coaxial cables 610. The DVRnetwork connection is usually an RJ45 connector and uses Ethernet toattach to a broadband router 612 at the customer premise.

Finally, the DVR 608 includes a power cable (not shown). In oneembodiment, the DVR 608 does not have a keyboard or mouse.

In one embodiment, the DVR appliance 608 is physically installed andconnected to the local broadband router 612. When powered on, the DVR608 will dynamically request and receive an IP address from the localarea network (LAN) and then automatically connect back to the systemserver-based application 618. Advantageously, no configuration of thelocal broadband router 612 is needed or necessary. In other embodiments,the DVR appliance 608 may be configured with a static IP address by auser. After configuration of the IP address, the DVR appliance 608 willautomatically connect back to the system server-based appliance 618.

Once connected to the system server-based application 618, the appliance608 will automatically register with the server-based application 618and download any necessary configuration information.

Configuration. The DVR 608 is preferably pre-loaded with a defaultconfiguration. However, it is normally expected that a minimal amount ofsite-specific configuration will also be necessary. Typicalconfiguration changes would be to provide names, adjust the frame rate,recording parameters for quality and motion for each camera view. Inaddition, the DVR may be configured to retrieve and process data fromone more or data sources. These configuration changes are made via thesystem server-based application 618 which are then communicated with theAppliance DVR 608 on demand.

Connecting to the system server-based application 618. To access theserver-based application 618, the user 619 gains access to a personalcomputer 620 or other device (such as a smart phone, or PDA) adapted toaccess server-based applications, such as server-based application 618,via the Internet or other communications network 622. Typically abroadband Internet connection may be used. Any computer 620 or othersuch device can be used (e.g., the local server computer in the store616, a lap-top, a computer at home). The user can connect to the systemserver-based application 618 by directing a browser (for example,Internet Explorer, Mozilla or mobile web browser interfaces) to theInternet portal address of the server-based application 618. The usermay also access an enterprise server 625, such as a business systemsolution, that houses other business-related applications and data.

As illustrated in FIG. 6, a remote user 619 may access the server-basedapplication 618 directly (directional vector 5) or via an enterprisenetwork hosted on an enterprise server 624, corresponding to directionalvectors 1 and 2. Once the user 619 has accessed the server-basedapplication 618, the user may access the Appliance DVR 608 and receivedata from the other CPE that the Appliance DVR 608 communicates with,for example, cameras 606 and one or more data sources 614, asillustrated by vector 3. One skilled in the art will appreciate that thespecific CPE configuration may vary, depending on the specific locationto be monitored and the specific business and surveillance requirementsdemanded by the business. Additionally, one skilled in the art willappreciate that any number of separate CPE locations may be accessed bya single user in the same manner as depicted in FIG. 6.

In addition to the traditional approach to integration, where the videoapplication extracts data from other applications, an advantage of thepresent invention is that its server-based approach allows otherapplications to incorporate video into their existing interfaces. In oneembodiment, an Enterprise Application 624 may incorporate video byaccessing the Video Application 618 on behalf of the user 619. Anexemplary workflow, illustrated by vectors 1 through 4 in FIG. 6,includes the following: invoking an Enterprise Application 624 from theuser's personal computer 620; the user requesting data analysis from theEnterprise Application 624 which initiates video lookups from theEnterprise Application 624 to the server-based application 618;identifying video segments in response to the specific request, thevideo segments being stored on DVRs located at one or more CPElocations; directly transmitting video from the DVR to the user's remotecomputer 620; and displaying the video embedded within the GUI displayof the Enterprise Application 624 on the user's personal computer 620.

Typical use of the system involves first connecting to the server-basedapplication 618 and then accessing the functions of the system. FIG. 7illustrates one embodiment of the home page of the server-basedapplication. Through this interface, a user can view live video, searchand play recorded video, as well as make configuration changes. The homepage is the initial page that a user is taken to when the user logs in.Along with the standard menu bar at the top of the page, the home pagecomprises user-defined entries.

If the user has multiple sites, each with an installed DVR appliance608, the cameras and resources associated with each will be visiblethrough the server-based application.

The overall layout of the user interface for one embodiment isillustrated in FIG. 8. In general, every page is comprised of a set ofapplication control buttons across the top. Below and to the left, is anavigation section. Below and to the right is a main function section.In this example, the navigation section contains the list of sites, DVRand Cameras.

FIG. 9 illustrates a site map 900 for one implementation of the presentinvention. The site map 900 depicts the primary functions, each mappingto an application control button, described as follows:

Login/Logoff 902—logs the user into and off of the server-basedapplication site.

Home 904—initial home page for the application.

Sites 910—controls configuration and naming of the appliances that theuser can control. From the sites page 910, the user may access pages tocontrol appliances 930, administer appliances 932, and control media934.

Live View 914—allows viewing of live media from connected sites. Fromthe live view page 914, the user may access functions to obtain a viewof a single media source 940, multiple media sources 944, and pan, tiltand zoom control 946. From the single media view 940, the user mayaccess an event data function 942.

Search 916—allows searching through media. From the search page, theuser may access a search results function 950, and from the searchresults function 950, to a media player function 952.

Export 918—allows export of media via copying of the media to the user'sPC or to the data center.

Settings 920—allows change of various configuration settings in theserver based application. From the settings function, the user maynavigate to a change password function 960, a manage users function 970,and a manage profiles function 980. From the manage users function 970,the user may navigate to an add user function 972 and an edit userfunction 974. From the manage profiles function 980, the user maynavigate to an add profile function 982 and an edit profile function984.

In one exemplary embodiment of the present invention, all attempts toaccess the server-based application must be directed to the initialauthentication or login page 902. On this page, the user is prompted toenter a name and password. The authentication page offers to save thesecredentials so that the user does not need to access this page insubsequent visits. Username and password information are preferablystored in an encrypted fashion.

Once authenticated, the user is granted access to the server-basedapplication according to the user's profile and privilege level. As partof this authorization exchange, the user's domain is established. Thedomain is the administrative domain of the user. For example, the user'sdomain includes the set of appliances and services to which the user hasvisibility and access. Typically a domain encompasses one businessorganization. The server-based application supports many domainssimultaneously in order to cost effectively scale to support manycustomers.

Each domain has a default username called “admin.” This username hasadministrative access to all aspects of the Appliances and settingswithin that domain.

There is also a reset-password page. If a username is flagged in thesystem as having to be reset, then the user is forced to pass throughthe reset-password page, after completing authentication, but beforeproceeding to any other page. The reset-password page requires the userto enter a new password twice.

Passwords. Passwords are always stored encrypted. A user can't enter apassword for anyone but him or her self (including the admin user). Tochange a password for someone else, the admin user can request that aspecific user's password is reset. In this case, a random password isautomatically generated and emailed to the address associated with theuser. At next login, the user is prompted to reset his or her password.

In another embodiment, the overall layout of the sites page 910comprises the following:

Application/Media selection. The navigation section lists the mediainput sources that are available to configure. The structure of thissection is a hierarchical list (similar to the folders explorer bar infamiliar PC-based applications). It represents the set of Appliancesthat this user is authenticated to control. On each Appliance, it liststhe media sources that the user can control. This construct is hereafterreferred to as the appliance/media selection control.

The format of the main function section changes based upon clicks withinthe navigation section. If the user clicks on a site name, then the mainfunction section is set to appliance control. If the user clicks on amedia source name, then the main function section is set to the mediacontrol.

The appliance-control page 930 allows the user to set an alias for theappliance.

The appliance administration page 932 allows the user to control andmonitor the appliance. This page is accessed by selecting an applianceand then using the menu bar Site->Administration entry. This is animportant function which allows users to know their Appliances areoperating correctly and to manage Appliances distributed across a largenumber of sites.

The media control page 934 allows the user to control the media sourcesassociated with the appliance. The first section of this page allows theuser to set an alias for the media source and manipulate savedconfigurations. The second section of this page allows the user to viewand manipulate frame rate, resolution, and recording mode. If therecording mode is motion, then the next two lines control post motionrecord buffer and motion sensitivity. Radio buttons indicate and allow auser to start and stop recording for that media source. The thirdsection allows the user to view and control quality, brightness,sharpness, contrast, and hue.

The live view page 914 allows the user to view individual orcombinations of media streams. The navigation section is used to selectthe appliance and media sources to view. The main function section isused for media control and to display media images. An additionalsection can be added to the page that displays live transaction datacaptured by the appliance selected.

Media stream display. The main function section is used to display oneor more media streams, single view 940 and multi view 944, respectively.In one embodiment, it is structured as a set of control buttons acrossthe top of the page, one or more media display sections, and a set ofcontrol buttons across the bottom of the page. The top control buttonsreconfigure the layout of the display sub-sections. The bottom controlbuttons provide general control functions.

Media source controller view 946. If a media source (i.e., camera) hascontrol capability (i.e., pan-tilt-zoom), the controller interface canbe activated by opening the specific source in single view. Thecontroller is displayed as an additional section to the right of thesingle camera view. The main function section is resized to accommodatethe controller section.

The search function 916 is used to search through previously recordedmedia. The use of the search function requires navigation through twopages. The first page is used to specify the search criteria 916 and thesecond page is used to display the search results 950. The format of thesearch criteria page 916 follows the general format of the other pages.The navigation section is used to select the appliance and (optionally)media source for the search. If an appliance is selected, then thesearch applies to all media sources on that appliance. If specific mediasources are selected, then the search applies to only those mediasources. Multi-selection is possible which allows the selection ofmultiple appliances and/or multiple cameras.

The search results page 950 displays the results of the previous search.The format of this page is very similar to the search page, with a tableat the bottom (below the search criteria) that displays the appliancename, camera name, start time/date and end time/date of each media clipthat has been found. The camera names are displayed as a hyperlink. Ifclicked, then the user is directed to the media player page, with theselected media clip ready to stream.

In the media player page 952, the main function section is used todisplay one or more media streams. It is structured as a display/player,with a set of player controls below. The navigation section carries aset of auxiliary controls.

The settings page 970 allows the user to change attributes that are notspecifically related to appliances or media sources.

The change profile page 980 allows users to edit their own information.They can change information associated with their username. They canalso change their own password from the change password page 960.

The user management page 970 is used to add/delete/modify specific userswithin the domain.

Events are generated by the Appliance and sent to the server-basedapplication. These events are processed by the server-based applicationin a user-defined fashion. New event information is relayed to users viamultiple paths, including email as well as an event-console page.

A report is a collection of media footage and possibly data that isdisplayed together. The report is represented by a single link that canbe clicked to begin streaming of the media and display of the data. Thatsingle link might represent multiple, different media clips that areseamlessly linked together.

In conclusion, the present invention provides, among other things, asystem and method for recording, managing and accessing video, audio anddata. Those skilled in the art can readily recognize that numerousvariations and substitutions may be made in the invention, its use andits implementation to achieve substantially the same results as achievedby the embodiments described herein. Accordingly, there is no intentionto limit the invention to the disclosed exemplary forms. Manyvariations, modifications and alternative constructions fall within thescope and spirit of the disclosed invention as expressed in the claims.

What is claimed is:
 1. A system for two-way communication between afirst computer and a VPN client, the system comprising: a virtualprivate network (VPN) server having a plurality of public IP addresses,the VPN server associating one of the plurality of public IP addresseswith the VPN client, and the first computer having access to the one ofthe plurality of public IP addresses; and a VPN established between theVPN client and the VPN server, the first computer accessing data on theVPN client by pointing to the one of the plurality of public IPaddresses, whereby the VPN server routes communication from the firstcomputer to the VPN client via the VPN.
 2. The system of claim 1,wherein a server-based application operating on the VPN server providesa plurality of controls over the video camera.
 3. The system of claim 1,wherein the VPN server assigns a private IP address to the secondcomputer, associates the one of a plurality of public IP addresses withthe private IP address, and upon receiving communications from the firstcomputer directed to the public IP address, routes the communications tothe second computer via the private IP address.
 4. A video and datarecording, management and access system comprising: a user network; aVPN server; a customer network; and a VPN between the customer networkand the VPN server, the user network in communication with the customernetwork via a communications network and the VPN by means of the VPNserver.
 5. The video and data recording, management and access system ofclaim 4, wherein the communications network comprises the publicInternet.
 6. The video and data recording, management and access systemof claim 4, wherein a public IP address is assigned to the VPN server,the VPN server assigns a private IP address to the customer network andassociates the public IP address with the private IP address and uponreceiving communications from the user network directed to the public IPaddress, routes the communications to the customer network via theprivate IP address.
 7. The video and data recording, management andaccess system of claim 6, wherein multiple private IP addresses areassociated with the public IP address.
 8. The video and data recording,management and access system of claim 7, wherein each private IP addressis assigned to a digital video recorder (DVR).
 9. The video and datarecording, management and access system of claim 4, wherein a dataprocessing application, running on a data center having the VPN server,is operable on any of the user network, the data center, or the customernetwork.
 10. The video and data recording, management and access systemof claim 4, wherein data collected by the customer network is stored ona DVR appliance in the customer network.
 11. The video and datarecording, management and access system of claim 4, wherein the datacollected by the customer network is stored on a server in the datacenter.
 12. A method for recording, monitoring and accessing video anddata, the method comprising: establishing a virtual private network(VPN) from a VPN client to a VPN server; associating one of a pluralityof public IP addresses, assigned to the VPN server, with the VPN client;directing a transmission from a first computer to the VPN client throughthe public Internet by pointing the first computer to the one of theplurality of public IP addresses; and forwarding the transmission fromthe VPN server to the VPN client via the VPN and the public IP address.13. The method of claim 12, further comprising: creating an exception ina NAT and/or firewall of the VPN server enabling the first computer toaccess the VPN server via the public Internet.
 14. The method of claim12, further comprising: exposing the one of the plurality of public IPaddress to the first computer via the exception in the NAT and/orfirewall.
 15. The method of claim 12 further comprising invoking, fromthe first computer, a server-based application and viewing a videosignal within the server-based application.
 16. The method of claim 15further comprising controlling a video camera within the server-basedapplication.
 17. The method of claim 16, wherein controlling a videocamera within the server-based application includes panning, tilting andzooming the video camera; and adjusting quality, brightness, sharpness,contrast, and hue.
 18. The method of claim 12 further comprising:controlling a customer premises appliance; and monitoring a customerpremises appliance.
 19. The method of claim 12, wherein the transmissionfacilitates access to a customer premises appliance.
 20. The method ofclaim 19 further comprising accessing point of sale (POS) data stored onthe customer premises appliance.